Description

install/make-config.php in ProjectSend r754 allows remote attackers to execute arbitrary PHP code via the dbprefix parameter, related to replacing TABLES_PREFIX in the configuration file.

Remediation

References

CVE-2017-9741

Related Vulnerabilities

MyBB Improper Access Control Vulnerability (CVE-2015-8973)

XWikiplatform Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-31988)

PrestaShop Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-39526)

qdPM Sensitive Information Disclosure Vulnerability (CVE-2015-3882)

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.20)

Severity

Critical

Classification

CVE-2017-9741 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities